I've been searching without a solid solution yet. I need to send OSSEC email alerts from my OSSEC server, but without hosting an SMTP server (postfix, etc). I get rejected by the Google SMTP servers (according to OSSEC errors/tcpdump). I'm not aware of a way to add SMTP login creds within the ossec.conf. Any ideas are greatly appreciated!
OSSEC alerts without hosting SMTP
alertsossecsmtp
Best Answer
[emails are sent to single email email domain - see comments ]
You may configure your OSSEC to send messages directly to servers accepting messages for the recipient's email domain. Use
nslookup -type=mx the.domain
ordig the.domain MX
to get list of names to use.https://ossec-docs.readthedocs.org/en/latest/syntax/head_ossec_config.global.html